Re: Virus cleanup - fix compromised windows firewall settings

On Aug 21, 8:10 pm, Leythos <v...@xxxxxxxxxxx> wrote:
In article <1187719486.791080.45...@xxxxxxxxxxxxxxxxxxxxxxxxxxx>,
sean.bl...@xxxxxxxxxx says...

I totally agree, normally. But regretfully we're dealing with a
horrible ISP that will take weeks to wipe the box. We also have no
clean area to do a reinstall in because it's remote. Also, it's
supposed to be behind a firewall, but I just don't think the ISP has
very strict rules on the firewall.

Why are you using ISP's hardware if they have shown they can't protect
the OS/apps?

Either get your own servers and firewall or find another ISP to host
your applications.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999f...@xxxxxxxxxx (remove 999 for proper email

It's political. The client's CEO and the owner of the ISP are old
drinking buddies. I've tried to get the servers moved, but the boss
won't let it happen.

At any rate, my hands being tied how they are, we're way off-topic. I
would LOVE to move the server to a better ISP, and I would LOVE to
have the machine rebuilt, but I cannot make that happen in any
reasonable amount of time. So, I have to work with the cards I'm
dealt. I don't like it more than anybody else.

Does anybody have any ideas on how to clean this up? I need to get
this port out of the firewall, but I can't figure out where it's
hiding. I deleted a registry entry for windows Firewall, and it now
shows the policy = none when I do the show state, so that's good.
But, that open port is still open and grayed out so I can't modify
it. Does anybody have any idea where this might be hiding.

.

Relevant Pages

  • Re: 127.0.0.1 and current follow-on; clearly spyware of some type?
    ... Probably something you set up under the old ISP is ... > firewall choosing not to save and re-import the existing rules. ... > looking for unauthorized servers. ... > Most firewall software will report these scans as an attack, ...
    (comp.security.firewalls)
  • Re: port 80 is open
    ... The firewall drops all packets initiated ... > internet the ISP router does not send the unreachable message. ... and then close the connection as your IP is seen as not connected. ...
    (comp.security.firewalls)
  • Re: firewall protection HELP
    ... I have a block of IP from my ISP, and I would like to setup a few ... servers at my house. ... my house have a few ... NICs to firewall the servers and routing 192.168.*.* network? ...
    (comp.os.linux.networking)
  • Re: IP address spoofing
    ... >These are mostly UDP packets being dropped. ... You don't need a firewall to stop ... bandwidth' over the wire, there really isn't that much you can do ... If you are lucky, your ISP might be ...
    (comp.security.firewalls)
  • Re: Exchange not retrieving email (POP3 Connector)
    ... I'd certainly urge you to switch to incoming SMTP. ... about the workstation Windows firewall or on the SBS itself (and do you have ... Seems as though the last email I sent to my ISP ...
    (microsoft.public.windows.server.sbs)